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Abstract. Brizolis asked for which primes p greater than 3 does there exist 
a pair (g, h) such that /i is a fixed point of the discrete exponential map with 
base g, or equivalently /i is a fixed point of the discrete logarithm with base 
g. Zhang (f995) and Cobeli and Zaharescu (f999) answered with a "yes" for 
sufficiently large primes and gave estimates for the number of such pairs when 
g and h are primitive roots modulo p. In 2000, Campbell showed that the 
answer to Brizolis was "yes" for all primes. The first author has extended this 
question to questions about counting fixed points, two-cycles, and collisions of 
the discrete exponential map. In this paper, we use p-adic methods, primarily 
Hensel's lemma and p-adic interpolation, to count fixed points, two cycles, 
collisions, and solutions to related equations modulo powers of a prime p. 



1. Introduction 

The idea of counting fixed points of discrete exponential functions is usually 
traced back to Demetrios Brizolis (see Paragraph F9]), who asked whether, 
given a prime p > 3, there is always a pair {g,x) such that 5 is a primitive root 
modulo p, g,x Q {1, . . . ,p — 1}, and 

(1) = X (mod p) ? 

We can regard solutions to this equation as fixed points of a discrete exponential 
function. Wen- Peng Zhang ([20]) proved that the answer to Brizolis' question was 
always yes for sufficiently large p, a result which was rediscovered independently by 
Cobeli and Zaharescu in f6j. Mariana (Campbell) Levin proved the result for all 
primes in [5]. (See also [19 .) 

Zhang (and independently Cobeli and Zaharescu) also provided a way of esti- 
mating the number of pairs {g, x) which satisfy the conditions above and also have 
X being a primitive root. Specifically, if N{p) is the number of such pairs given a 
prime p, we have: 

Theorem 1 (Zhang, independently by Cobeli and Zaharescu). 

0(p~l)2 



N{p) 



p~l 



<d{p-iy^{l + \np), 
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where d{p — 1) is the number of divisors of p — 1. 

The first author, in |131I14] investigated the problem of counting the number of 
solutions to Brizolis' conditions when g and x are not necessarily primitive roots. 
If Fiji) is the number of such pairs {g,x), it was conjectured that 

F{p) ^ (p - 1) 

as p goes to infinity. It was proved by the first author and Pieter Moree in fTH 
Thm. 4.9] that this is true for a set of primes of positive relative density. Bourgain, 
Konyagin, and Shparlinski proved in 3 that the conjecture is true for a set of 
primes of relative density 1. The same authors proved in [3], that a weaker result, 
F{p) = 0{p), is true for all p, and also that F{p) > {p — 1) — o{p) for all p. 

This paper was motivated by the attempt to similarly count solutions (g, x) to 
the equation 

(2) g'= = x (mod p"") 

with g^x dz {1, . . . p \ g and p \ x. Based on numerical evidence, we conjecture 
that the number of these solutions is asymptotically equivalent to p'^~^(p — 1) as. p 
goes to infinity, and furthermore that the number of solutions with g = i modulo p 
is asymptotically equivalent to p'^~^ for any i as p goes to infinity. We would expect 
that the techniques used to prove the theorems above could also be applied to this 
case. 

We then attempted to investigate the situation as p is held fixed and e goes 
to infinity. This led naturally to an examination of the function x t-^ g^ where 
g is fixed and x ranges through the p-adic integers Zp, which is carried out in 
Sections [2] and [3l The (perhaps) surprising discovery is what happens when we 
look for solutions a; to Q not in the set {1, . . . ,p'^} but but rather in the "correct" 
set {1, . . . ,p'^m}, where m is the multiplicative order of g modulo p. We show in 
Section |4] that the number of solutions in this more natural setting is exactly what 
one would expect from our conjectures, with no error term. (In the case e = 1, |19j 
observes that it is easy to find fixed points outside the set {1, . . . ,p} but does not 
explicitly count them.) Lev Glebsky, in P|, proves a similar result to ours in the 
case where m = p — 1 using a very different methodQ 

The papers p^Hl5] also investigated three related questions: the number of two- 
cycles of the discrete exponential function, or solutions to 

(3) g'' = a mod p and g'^ = h mod p, 
the number of solutions to a discrete self-power equation 

(4) = c mod p 

for fixed c, and the number of collisions of the discrete self-power function, i.e., 
solutions to 

(5) h'' = a" mod p. 

It was conjectured in these papers that the number of solutions T{p) to ([3]) with 
1 < g,h,a < p — 1 and h ^ a modulo p was 

T{p)^{p-1), 



Our thanks to Igor Shparlinski for this reference. 
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the number of solutions S{p; c) to (|4]) with I < x < p — 1 was 

(l){dm) 

where m is the order of c modulo p, and the number of solutions C (p) to ([5]) with 
l</i, a<p— 1 and h ^ a modulo p was 

2 

4>{dm) \ -^—^ J2{d) 
dm 



where J2{n) = n'^Y\p\ni^ — P ^) is Jordan's totient function, which counts the 



number of pairs of positive integers all less than or equal to n that form a mutually 
coprime triple together with n. Balog, Broughan, and Shparlinski ([I]) showed the 
weaker statements that S{p;c) < ^1/3+0(1)7712/3 g^^^^ S{p;c) < pi+°(i)m~^/^^, and 
that C{p) < p48/25+o(i)^ nontrivial theorems on T{p) seem to be known up 
to this point, although Glebsky and Shparlinski ( 10 ) prove some relevant results 
when g is held fixed. 

In Section [SJ we investigate the number of solutions to the equations 

(6) g'' = a mod p^ and g"^ = h mod p^ , 

where g is fixed and h and a are in {1, . . . ,p'^m\ with much the same results as 
before. We also indicate how to generalize this to more equations. (Some of these 
results are also proved in [S].) In Section [B] we similarly investigate the equation 

(7) = c mod p"^ 

for fixed c, and a; in {1, . . . — 1)}, and in Section [7] we investigate the equation 

(8) = a'' mod p" 

for h and a in {1, . . . ,p'^{p — 1)}. 

The use of the discrete exponential function x ^ g^ mod p for g a primitive root 
is well known in cryptography; its inverse is commonly referred to as the discrete 
logarithm and computing it is one of the basic "hard problems" of public-key cryp- 
tography. (See, for example, [TSl Section 3.6].) There are also uses of the function 
when g is not a primitive root, for example, in the Digital Signature Algorithm. 
(See, e.g., [TSl Section 11.5]. Finally, a few cryptographic algorithms involve the 
self-power function x ^ x^ mod p — notably variants of the ElGamal signature 
scheme, as noted in [181 Note 11.71]. The security of these cryptographic algo- 
rithms rely on the unpredictability of the inputs to these maps given the outputs. 
The results above and the ones in this paper go some way toward reassuring us that 
these maps are in fact behaving as if the inputs are randomly distributed given only 
basic facts known about the outputs. 



2. Interpolation 

Let g e Z be fixed and take p an odd prime. In order to count solutions to g^ = x 
(mod p'^), the obvious first step would be to interpolate the function f{x) = g^, 
defined on a; e Z, to a function on a; € Zp. Unfortunately, this is not possible unless 
5 G 1 +p1'p. (See for example, [TTJ Section 4.6], or [ITl Section II. 2].) However, if 
we "twist" the function slightly, then interpolation is possible. 
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To do this, let //p-i C be the set of aU (p — l)-st roots of unity. Then for 
odd prime p, we have the Teichmiiller character 

a; : 

which is a surjective homomorphism. It is known that has a canonical decom- 
position as Zp ^ Mp-i ^ (1 + P^p) [HI Cor. 4.5.10], and thus for x in Z^ we may 
uniquely write x — uj(x) {x) for some {x) S 1 +pZp. 

Proposition 2 (Prop. 4.6.3 of [U; see also Section II.2 of [H]). For p ^ 2, let 

g G Zp and Xq G Z/{p — 1)Z, and let 

Ixo — {x G Zi \ X = Xq (mod p — 1)} C Z. 

/,„(x)=c.(.gr« {gf 

defines a function on Zp such that fx„ (x) — g^ whenever x G Ix^ ■ 

In fact we can push this a little further: 

Proposition 3. Let m be any multiple of the multiplicative order of g modulo p, 
p ^ 2, such that m \ p — 1. Let g G Z^ and xq G Z/mZ, and let 

Ixo ~ {x £ Z \ X = Xq (mod C Z. 

Then 

fxo{x)^u^{gr {gf 
defines a function on Zp such that f^g (x) — whenever x G Ixo ■ 

Proof Since = 1, uj{g)"' = uj{g"') = 1. If xq,x'q G Z/(p - 1)Z and xq = x'q 
(mod m), then the two functions fxQ and fx'^ given by Proposition [2] are equal and 
agree with g^ on Ixo ^ Ix'g ■ D 

Also, as noted for p 7^ 2 in [11], these functions fit together into a function on 
Zp X Z/mZ defined by ^(2^1, xq) = fxoixi), such that if a: G Z and x = xq (mod m) 
we have F(x,x) — fxo{x) = g^. Then we have a diagram: 

Zp X Z/mZ !• Z^ 

Z/p^Z X Z/mZ — ^ (Z/p-^Z)^ 

where the vertical arrows are the natural surjections. This commutes as a conse- 
quence of the following lemma: 

Lemma 4 (Cor. 4.6.2 and just below of [11] or Lemma 2.2.5 of ). For any 

positive integer k, (1 +pZp)'^ C 1 +pkZp. 

The lemma implies that (g)'' =1 (mod p'^), and therefore (g)"^ = (g)^ (mod p^) 
when X = x' (mod p'^). (Recall that Zp/p'^Zp is isomorphic to Z/p'^Z for any e.) 
For p 7^ 2, if we let A be the diagonal inclusion map 

A : Z ^ Zp X Z/mZ 
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given by the canonical injection Z Zp and the canonical surjection Z -» Z/mZ, 
then the previous diagram extends nicely to: 

Z r 

Zp X Z/mZ Z^ 

Z/p^Z X Z/mZ — ^ (Z/p^Z)^ 




Z/p'^mZ 

where the isomorphism is given by the Chinese Remainder Theorem. Furthermore, 
the composition of the maps on the top line is just the map x i-^ and the 
composition across the bottom line is the map a; i— > modp*^: 




Z/p^Z X Z/mZ — ^ (Z/p^Z) 




Therefore finding all solutions {xi,xq) to F{xi,xo) = xi (modp*^), which is the 
same as finding all solutions to fxoixi) = xi (mod p'^) for all possible xq G Z/mZ, 
will give us all solutions to = x (mod p*^) as x ranges over Z/p'^mZ. 



3. Hensel's Lemma 

Definition 1 (Defn. IIL4.2.2 of |2j). A power series f{xi,X2, • ■ • ,Xn) in the ring 
of formal power series Zp[[a;i, . . . ,Xn]] with coefficients in Zp is called restricted if 
/(xi, . . . , x„) = J2{ai} C'qi,q2,- - .ctn^i ^ ' ' ' 2;"" and for every neighborhood F of in 
Zp there is only a finite number of coefficients Cai,a2,--- ,an not belonging to V (in 
other words, the family {Cai,a2,--- .a^) tends to in Zp). 

In particular, the series in this paper are going to be such that Co,o....,o G and 

Ca^,a2,...,a„ G p"i+"2 + ---+""-^Zp whcu «! + ^2 H h a„ > 0. 

In this section, we include two versions of Hensel's lemma. The first version is 
for n restricted power series in n unknowns. 

Proposition 5 (Cor. III. 4. 5. 2 of [2 ). Consider a collection of n restricted power 
series fj{xi,X2, ■ . ■ , Xn) for 1 < j < n in Zp[[xi,X2, ■ ■ ■ , Xn]]. Let (ai, a2, . . . , a„) he 
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a vector in such that the determinant of the Jacobian matrix at (ai, 02, . . . , a„) 

d{flj2,---Jn) 



-(01,02, . . . ,o„) 



d{xi,X2, . . . ,x„) 

is in Zp and fj(ai,a2T--,an) = (mod p) for 1 < j < n. Then there exists 
a unique {xi,X2, ■ ■ ■ ,Xn) G Z^ for which Xi = Oi (mod p) for 1 < i < n and 
fj{xi,X2, ■ ■ ■ ,Xn) = inZp for I < j < n. 

As a corollary we get a generalization of one of the standard formulations of 
Hensel's Lemma to the case of restricted power series. 

Corollary 6. Let f{x) be a restricted power series in Zp[[a;]] and a be in Zp such 
that ^(a) is in and f{a) = (mod p). Then there exists a unique x G Zp for 
which X = a (mod p) and f{x) =0 inlip. 

In our discussion of collisions below we will also need a "lifting lemma" for 
restricted power series of more than one variable which will allow us to count 
solutions modulo higher powers of p if we know the number of solutions modulo 
p. The following proposition, which the second author learned from Igusa's 1986 
"Automorphic Forms" class at Johns Hopkins, is a generalization of the version of 
Hensel's Lemma in Lemma HL2.5 of [16 to the case of restricted power series, with 
explicit counting of the fibers. 

Proposition 7. Let f(xi,X2, ■ ■ ■ ,Xn) be a restricted 
Let 

df 

iVe = {a e (Z„/p'=Zp)" I -^(a) e for some I < i < n and /(a) = (mod p")} 
oxi ' 

for e > 0, where a indicates reduction of a to the appropriate residue class. Then 
ip '■ Ne+i — > Ne is a well-defined canonical surjection with the cardinality of the 
fiber equal to 

In particular, a point a = (01,02, . . . ,o„) € N^, can be lifted in p"^^ different 
ways to a point b = (61, &2, • • • , ^n) € A'e+i such that bi = o; (mod p*^) for 1 < i < 
n, so that the relationship between the cardinalities of the sets is: \Ne+i \ ~ p"'^^\Ne\ 
for e > 0. 

4. Fixed Points 

Theorem 8. For p 2, let g € Z^ be fixed and let m be the multiplicative order 
of g modulo p. Then for every xq € Z/mZ, there is exactly one solution to the 
equation 

for a; € Zp . 

Proof. We start by finding solutions modulo p. We know that (g) = 1 (mod p) , so 
the equation reduces to 

CLj{g)^" = X (mod p). 
For fixed g and xq, this obviously has exactly one solution. 
Since we know that (g) is in 1 +pZp, we have that 

(5)"-exp(xlog((5))) = l + x\og{{g)) + xHog{{g))y2\ 

+ higher order terms in powers of log{{g)) 
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where from the definition of the p-adic logarithm we know that \og{{g)) e pZp. 
Therefore we have a restricted power series and we can apply Corollary [6l which 
gives us a unique solution in Zp. □ 

Corollary 9. For p ^ 2, let g ^ T, he fixed such that p \ g and let m he the multi- 
plicative order of g modulo p. Then there are exactly m solutions to the congruence 

recalled) 9^ = x (mod p'^) 

for X € {1, 2, . . . ,p'^m}. Furthermore, these solutions are all distinct modulo p*^ and 
all distinct modulo m. 

Proof. Theorem [8] implies that for each choice of xq G Z/mZ there is exactly one 
xi G Z/p'^Z with the property that 

ojigr {gf' = xi {modp^). 

By the Chinese Remainder Theorem, there will be exactly one x G Ijp'^raTL such 
that a; = Xq (mod m) and x = x\ (modp*^). By the interpolation set up since 
x = xq (mod m), we know that for this x: 

g- = w(g)-« {gf ^ x (mod p^). 

Finally, since exactly one such x exists for each xq, we have our m solutions to the 
congruence. 

□ 



5. Two-Cycles 

Definition 2. For a fixed prime p and for some g ^ "L, p \ g, the pair (/i, a) G 
{1, . . . tP'^(jp — 1)} , p \ h, p \ a will be a two-cycle modulo p'^ associated with g if 
h ^ a (mod p'^), and 

dH recalled) 9^ ^ a mod and g"^ ^ h mod p^. 

Definition 3. When we count the numher of two-cycles modulo p"^, we will not 
distinguish between the two-cycle {h,a) and the two-cycle (a, ft,). Thus, we define 
the number of two-cycles modulo p'^, or \T(.\, as 



\Te\ = l\{he{i,...,fip-i)},p\h I 

h^a (modp^), g^ ^ a (modp^), and g"" ^ h (mod p*^) 
for some g G (Z/p^Z)^ and a G {1, . . . ^p^ip -I)} ,p\a^ . 

Proposition 10. Forp ^ 2 and a fixed g G Z^ , letm he the multiplicative order of 
g modulo p. Then for every pair {xo, yo) G (Z/mZ)^, there is exactly one solution 
to the system of equations 

uj{gr{gt = a 
^{9?"{9T = h 



for {h,a) G Z2. 
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Proof. We start by finding solutions modulo p. If we let 

/i(/i,a) = Lo{gro{gf~a 

f^iKa) = u{g)y'^{gr-h 

then modulo p this system reduces to 

/i(/i,a) = i^j{gf"-a (mod p) 

f2{h,a) = ujig)y°-h (modp) 

which clearly has exactly one solution {h,a) = {uj{g)^° ,Lu{g)y°) for fixed g, Xq and 
Uq. The power series representations for fi{h,a) and f2{h,a) are restricted power 
series with 

uj{gr{\og{{g)) + h\og{{g)f + ■■■) = () (mod p) 

— 1 = — 1 (mod p) 

— 1 = — 1 (mod p) 

u{g)y-{ \og{{g)) + alog((5))^ + •••) = (mod p) 



dh 
dh 
da 
dh 

dh 



da 

Thus the determinant of the Jacobian matrix is congruent to -1 modulo p and by 
Proposition [5] the unique solution modulo p to this system lifts to a unique solution 
(/i,a)eZ2. □ 

Proposition 11. For p 7^ 2 and a fixed g ^ Z,, p \ g, let m be the multiplicative 
order of g modulo p. Then if 

\Te,g\ = ^ {he {l,...,p''m},p\h I h^a (modp'^), 
g'' = a (mod p'^), and g"' = h (mod p'^) 
for some a G {1, . . . ,p^m} ,p | a| . 
is the number of two-cycles modulo p'^ associated with that particular g, 

\Te^g\ = (jr?-m)l2. 

Proof. Parallel to the proof of Corollary |9l for each choice of (xo,yo) in (Z/mZ)^, 
Proposition [TUl gives us exactly one pair {h,a) in (Z/p^mZ)^ satisfying g*^ = a 
(mod p'^) and g"" = h (modp'^). Thus there are nn? such pairs total, but m of 
them correspond to the case where h = a (mod p*^). Dividing by 2 to account for 
swapping the roles of h and a gives us the proposition. □ 

Theorem 12. For a given prime p 7^ 2, the number of two-cycles \T^\ is 

|Te|= J2 0Mp'''b-l)(m-l)/2. 

m| (p— 1) 

Proof. First note that if an ft, in {1, . . . ,p^m} forms part of a two-cycle associated 
with g and a, then the values in {1, ... ,p'^(p — 1)} which do the same will be exactly 
those which are congruent to ft modulo p'^ and modulo m, and thus modulo p^m. So 
each element of T^^g gives rise to exactly (p— l)/m elements of in this fashion. On 
the other hand, if some a in {1, ... ,p'^(p — 1)} forms part of a two-cycle associated 
with ft and g, then so will an a in {!,... ,p'^m\ which is congruent to it modulo 
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p'^m. So each element of Te^g gives rise to only one element of Te in this fashion. 
Therefore we have 

\Te\= E 

□ 

Alternatively, we can count rooted closed walks rather than cycles, a viewpoint 
which in some ways lends itself better to generalizations. 

Definition 4. For a fixed prime p and for some g E Z, p \ g, the ordered tuple 
(hi, . . . , hk) is a rooted closed walk of length k modulo p"^ associated with g if the k 
equations 

g''^ = /i2 mod p'', 
g'''^ = h3 modp^ 

g"" = h, 

are satisfied. 

Then Corollary IH] is equivalent to saying that there are exactly m rooted closed 
walks of length 1 associated with g in {1, 2, . . . ,p'^m}, and Proposition [TT] is equiv- 
alent to saying that there are rooted closed walks of length 2 associated with g 
(including the fixed points) in {1, 2, . . . ,p'^m}^. In an exactly parallel manner, we 
can prove the following generalization: 

Theorem 13. For p ^ 2 and a fixed g G Z, p| let m be the multiplicative order 
of g modulo p. Then there are exactly rooted closed walks of length k modulo p^ 
associated with g in {1, 2, . . . ,p^m}'' . Furthermore, any two of these rooted closed 
walks are distinct modulo p'^ and distinct modulo m. 

Remark 1. In the case where m — p — 1, this is an equivalent statement to 
Theorem 1 of [9], where it is proved using purely combinatorial methods. For 
general m, our statement implies that of [S]. 

6. Self-Power Solutions 

We now turn to the function x ^-^ mod p, which is sometimes known as the 
self-power map. 

The proof of the following elementary lemma was essentially worked out in The- 
orem 2 of [H]. 

Lemma 14. For p 7^ 2, let c S {'L/p'L)^ he fixed and let m be the multiplicative 
order of c modulo p. Also fix xq e {0, 1, ... ,p — 2}. Then the number of solutions 
X € (Z/pZ)^ to the equivalence 

x'^° = c (mod p) 




mod p*^, 
mod p^ 
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IS 

1) ^fgcdixo,p^l)\^; 
otherwise. 

Proof. For a fixed integer t the set of t-th powers, Pt = {x* | x E (Z/pZ)^} forms 
a subgroup of index gcd(i,p — 1) in (Z/pZ)^. Using our set cardinality notation, 
we have that \Pt\ — (p — I)/ gcd{t,p — 1). If gcd(a;o,p — 1) t then c is not in 
Pxg, SO x^° = c (mod p) cannot have any solutions. Otherwise, any element of Px^ 
is an XQ-th power in exactly gcd{xo,p — 1) ways, so the equivalence has exactly 
gcd(xo,_p— 1) solutions. □ 

Corollary 15. For p ^ 2, let c G {Zi/pli)^ be fixed and let m be the multiplicative 
order of c modulo p. Then the number of solutions x € {1, 2, . . . ,p{p — 1)} to the 
equivalence x^ = c (mod p) such that p \ x is given by the formula: 

gcd(a;o,p- 1) = ^ ^ i^~d~' 

Proposition 16. For p ^ 2, let c E Z^ be fixed and let m be the multiplicative 
order of c modulo p. Then for fixed xq G Z/(p — 1)Z, the number of solutions to 
the equation 

^{Xfo {xf = C 



for X Elp 



gcd(xo,p-l) if gcd{xo,p-l)\^; 
otherwise. 



Proof. For a fixed xq, we consider the function 

f{x)^uj{xY- {xf -c 

and look for solutions x € Z^ to /(x) = (mod p). Since we know that {x) is in 
1 + pip , we have that 

(2;)"= =exp(a;log((a;))) = 1 + a;log((a;)) + log((2:))V2! 

+ higher order terms in powers of xlog((a;)) 

where from the definition of the p-adic logarithm we know that log((a;)) G pip. 
Now if we consider the power series representation of /(x), we see that 

f{x)=u:{xY° + Lo{xfx\og{{x)) 

+ higher order terms in p^lp. 

Since uj is constant on each of the p — 1 disjoint cosets of pip that cover Z^ or 
see [T71 Prop. 2, Section IV. 2], we have that 

^ = w(a;)"''[log((x)) + 1] = uj{xY'' (mod p) 
dx 

since log((a;)) G pip. As lo{xY° ^ (mod p), we have by Corollary IH] that the 
number of solutions in 1p is the same as the number of solutions in Lemma [HI □ 
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Corollary 17. For p ^ 2, let c G Zp be fixed and let m be the multiplicative order 
of c modulo p. Then the number of solutions to the congruence 

(m recalled) ee c (mod p'') 

for X such that a; G {1,2,.. ■p'^{p — 1)}; p\x, is given by the formula: 

gcd(xo,p- 1) = ^ ' ^ 

0<xo<p-2 ^|£^ 
gcd(a:o,p-l)|£^ 

Proof. The proof is parallel to that of Corollary [9l □ 

7. Collisions 

Definition 5. The set of solutions (h, a), where h and a G {1, 2, . . .p{p— 1)}, p\h 
and p\ a, to the equivalence 

= a" (mod p) 

will be denoted Ci for collisions and we will use the notation \Ci \ for the number of 
such collisions. More generally, we will use the notation |Ce| to denote the number 
of collisions {h, a), where h and a G {1, 2, . . .p'^ij) — 1)}, p \ h and p \ a, which are 
solutions to the equivalence 

/i''EEa" (modp"^). 
Recall that x indicates reduction of x to the appropriate residue class. 
Lemma 18. For fixed Xf) and yo G {0, 1, . . . ,p — 2}, if 

= {(x,y) G ((Z/pZ)^)2 I - = in 'L/pZ], 

then 

\N(\ = (p-l)gcd(xo,2/o,p-l)- 

Proof. For a fixed integer t the set of t-th powers, Pt = {a;* | x G (Z/pZ)^} forms 
a subgroup of index gcd(t,p — 1) in {1/p'l,)'^ . Using our set cardinality notation, 
we have that \Pt\ = {p — 1)/ gcd(i,p — 1). Let 3 — Pxq PI Pya^ then 3 is a subgroup 
of order 

PHgcd(|P.J,|P,J)^ (.-l)gcd(.o,yo,.-l) 



gcd(a;o,p- l)gcd(yo,p- 1)' 

Now, we need to count all (x, y) G ((Z/pZ)^)^ such that x'^" = y^" (mod p). If 
x^° = yy° (mod p) then x^° and are in the set 3 above. Thus, we have that 

liV;"! =^|{xG (Z/pZ)^ |a;^° =i (mod p)}| • |{y G (Z/pZ)^ | = i (modp)}| 

For each i G 3, \{x G (Z/pZ)^ | ee i (mod p)}\ = gcd(a;o,_p - 1). So that 
l^i""! = PI • gcd(a;o,p- 1) • gcd(yo,p- 1) = (p - 1) gcd(a;o, yo,P - !)■ 

□ 
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Proposition 19. For p =/= 2 and for fixed xq and yo G — 1)Z, if we consider 
the function f{h, a) — uj(hy^" {h)^ — a;(a)^" (a)" for h,a £ Zp and let 

ITV^I = \{Ch,a) e {{Zp/pZ.prf I f{h,a) = (modp)}| , 

then 

l = (p-l)gcdK,j/o,p-l) 

Proof. For a fixed xq and j/Oi we look for solutions h,a € to /(ft,, a) = mod p. 
Since we know that (/i) and (a) are elements in 1 +pZp, we have that 

= exp(/ilog((/i)))==l + /ilog((ft)) + ft2iog((ft))2/2! 

+ higher order terms in powers of h\og{{h)) 

where from the definition of the p-adic logarithm we know that log( (/i) ) G pZp . Now 
if we consider the number of solutions \N^\ using the power series representation 
of f{h, a), we see that 

(9) fih,a) — uj{hy' — u!{a)^° + higher order terms in pZp. 

In this way, we see that 

\N^\ = \{Ch,a) e ((Z/pZ)^)2 I uj{hf« --uj{a)y° =0 (modp)}|. 
From this expression and Lemma 1181 we have that 

liVi^l = (p-l)gcd(xo,2/o,p-l)- 

□ 

Corollary 20. Forp ^ 2, the number of collisions (h, a) for h and a € {1, 2, . . . ,p{p— 
1)} such that p \ h, p \ a, and h^ = a° (mod p) is given by the formula: 

\Ci\^ J2 (p-l)gcd(xo,2/o,p-l) = (p-l) ^ d J2((p-l)/d) 

0<xo,yo<p—2 d\p—l 

where J2{n) — n^Y\p\n{^ ~ P^^) Jordan's totient function, which counts the 
number of pairs of positive integers all less than or equal to n that form a mutually 
coprime triple together with n. 

Proposition 21. For p =/= 2 and for fixed xq and yo G Z/(p — 1)Z, if we consider 
the function f{h, a) — uj{h]^" {h)^ — Lo{a)y° (a)" for h,a £ Z^ and let 

N: = {{h,a) G ((Zp/p%)><)2 I f{h,a) = (modp-^)}, 

then 

\n:\=p^-^\n^\. 

Proof. Looking more carefully at our series representation for /(ft, a) in Equation[5] 
from Proposition [THl we have that 

f{h,a)=uj{hY'> -oj{a)y" + cj(ft)^"ftlog((ft)) - w(a)y''alog((a)) 

+ higher order terms in p^TL^. 

Since u) is constant on each of the p — 1 disjoint cosets of pZp that cover Z^ or see 
[TTI Prop. 2, Section IV.2], we have that 

%■ = c.(ft)-°[log((ft)) + 1] = c.(ft)-" (mod p) 
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since log((/i)) G pZp. As oj{h)^" ^ (mod p), we have by Proposition [7] with n = 2 
that 

\N^\=p\N^_,\. 

for e > 1, and our Proposition follows. □ 

Corollary 22. For p ^ 2, there are exactly \Ce\ — p'^~^\Ci\ collisions that are 
solutions to the congruence 

© recalled) = a" (mod p") 

for {h, a) such that h and a G {1, 2, . . .p'^{p — 1)}, p \ h, p \ a. 

Proof. The proof is parallel to that of Corollary [9] □ 

Remark 2. Note that CoroUariesBUlandl^could also have been proved by squaring 
the results of Corollaries [15] and I17[ respectively, and summing over all c. 

8. Conclusions and Future Work 

Previous work on solutions to ([l} and related equations has focused on finding 
how primitive roots modulo p, or specified powers of primitive roots, are distributed 
in arithmetic progressions contained in {1, . . . ,p} with differences dividing p — 1. 
We hope that this paper shows that another course might also be fruitful: start 
with the solutions to an exponential equation which are in {!,..., p(p— 1)} (or 
{1 . . . ,p'^{p — 1)}) and determine how they are distributed among the subintervals 
of length p (or p'^). Furthermore, we think the use of p-adic numbers also suggests 
new lines of attack that may be useful in the future. For example, the ability to 
extend the p-adic exponential function to rings of integers in extension fields of Qp 
might provide a useful way of looking at, or even posing, new problems in finite 
field extensions of Z/pZ. 

In future extensions of this work we hope to consider solutions of more exponen- 
tial equations, including the equation 

(10) h''^'^ = a"/'^ modp^ d ^ gcd{h, a,p - 1) 

considered (with e = 1) in 15' as closely related to (jS)). Another problem that 
should be tractable using our methods is finding solutions of 

(11) g''^^^" = X mod p^ 

for c fixed. This was raised in 7 (with e = 1) as related to "Golumb rulers", which 
have applications in error correction and in controlling the effects of electromagnetic 
signals interference. Finally, one could consider the "discrete Lambert" map x i— >■ 
xg^ for g fixed, which is related to the standard ElGamal signature scheme and the 
Digital Signature Algorithm in a similar fashion to the way the self-power function 
is related to its variants. Then one could ask for solutions of 

(12) xg"" = c mod p" 

for fixed c, or collisions of the discrete Lambert map, namely solutions of 

(13) kg'' EE mod p". 

Finally, for completeness one should investigate the situation whenp = 2. Count- 
ing solutions modulo p is trivial in this case, but the p-adic situation is slightly more 
complicated than in the p^ 2 case. 
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